What is Security Pulse?
Security Pulse is a powerful security telemetry and behavioural analytics feature within the Phriendly Phishing platform. It enables your organisation to ingest real-time events and telemetry data from your existing security vendors such as Microsoft 365 and Microsoft Defender directly into the Phriendly Phishing platform.
Security Pulse analyses this data to map and score your users' real-world security behaviours, giving you a clear picture of how your people interact with threats in their day-to-day work.
Unlike simulated phishing which tests learner responses to test emails, Security Pulse captures and analyses actual security events from your production environment — providing ground-truth insights into your organisation's security posture.
Benefits of Security Pulse
Real-World Behavioural Insights — Move beyond simulated testing. Security Pulse analyses actual security events from your environment, showing you how your people truly behave when faced with real threats.
Centralised Security Visibility — Aggregate telemetry data from multiple security vendors into a single, unified dashboard within Phriendly Phishing — no need to switch between tools.
Holistic Risk Scoring — Each learner and your organisation as a whole receive a Security Pulse Score based on real security event data, giving you a measurable and trackable resilience metric.
Targeted Training Decisions — Identify which users or groups are triggering the most security events, and use this data to assign targeted awareness training where it is needed most.
Proactive Threat Detection — Monitor detected events across email, endpoints, web browsing, and data loss prevention, enabling faster response to at-risk learners.
Getting Started : Integration & Configuration
Requirement
Connect your security vendor(s) and map your users in order for the Security Pulse Dashboard to populate with data.
1.) App Integration
Security Pulse supports integration with security vendors such as Microsoft 365 and Microsoft Defender.
To set up an integration:
- Navigate to Admin → App Integration.
- Browse the list of supported applications available for integration.
- Select your vendor (e.g., Microsoft 365) and follow the guided configuration to connect via API or Webhook.
- The integration will require credentials from your vendor environment (e.g., Azure App Registration with appropriate permissions for Microsoft 365).
- Once connected, Security Pulse will begin ingesting security event data from your vendor into the Phriendly Phishing platform.
2.) User Mapping
After connecting a vendor, you need to map your learners to their corresponding vendor accounts so that Security Pulse can associate security events with the correct individuals.
- Navigate to Admin → App Integration → User Mapping tab.
- Map each learner's Phriendly Phishing email address to their corresponding vendor email or unique ID.
- A single learner can be mapped to multiple vendors if your organisation uses more than one integrated application.
- Use the Configure Mappings page to edit or manage existing mappings.
The Security Pulse Dashboard
The Security Pulse Dashboard is divided into four tabs, each focused on a different category of security telemetry. All tabs support filtering by date range and other criteria, allowing you to drill into specific time periods or segments.
The Overall Score tab provides a high-level summary of your organisation's security posture based on all ingested security events.
| Name | Description |
|---|---|
| Security Pulse Score |
|
| Security Pulse Score Trend |
|
| Role Count by Security Pulse |
|
| Security Pulse Report |
|
The Endpoint tab focuses on security events related to devices and endpoints in your environment — such as desktops, laptops, and mobile devices — captured from endpoint protection solutions like Microsoft Defender for Endpoint.
| Name | Description |
|---|---|
| Endpoint Score |
|
| Endpoint Score Trend |
|
| Endpoint Analysis Chart |
|
| Total Endpoint Events by Severity |
|
| Detected Endpoint Events Log |
|
The Web & Browser tab focuses on security events related to web browsing activity — such as visits to potentially malicious websites, blocked URLs, and browser-based threats.
| Name | Description |
|---|---|
| Web and Browser Score |
|
| Web and Browser Score Trend |
|
| Web and Browser Analysis Chart |
|
| Total Web and Browser Events by Severity |
|
| Detected Web and Browser Events Log |
|
The Email Behaviour tab captures and analyses security events related to email activity — providing insight into how your users interact with potentially malicious emails in their real inbox.
This provides charts and trend analysis to help you understand email-related risk across your organisation, and to identify users who may need additional phishing awareness training.
| Name | Description |
|---|---|
| Email Behaviour Score |
|
| Email Behaviour Score Trend |
|
| Email BehaviourAnalysis Chart |
|
| Total Email Behaviour Events by Severity |
|
| Detected Email Behaviour Events Log |
|
Comments
Please sign in to leave a comment.